Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

The request was rejected because the URL contained a potentially malicious String

SOLVED Go to solution

The request was rejected because the URL contained a potentially malicious String

Explorer

When using the Python SDK to create an InstanceTemplate if the bootstrap_scripts contain any special characters the API will reject it :

 

 

cloudera.director.common.rest.ApiException: (500)
Reason: Server Error
HTTP response headers: HTTPHeaderDict({'Connection': 'close', 'Content-Type': 'application/json;charset=utf-8'})
HTTP response body: {
  "timestamp" : 1563826656470,
  "status" : 500,
  "error" : "Internal Server Error",
  "message" : "org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String \"%5C\"",

 

An example bootstrap script that fails is if you put:

 

wget https://www.google.com

 

Spring Security will reject this as a malicious URL since it is being encoded in the URL and not being put in the body it appears.

 

However, if you define the InstanceTemplate and don't create it in Director via the InstanceTemplatesAPI but rather just immediately pass it to the VirtualInstance in a ClusterTemplate or DeploymentTemplate then there is no issue. Of course it will not appear in the templates tab in Director of that environment in this situation.

 

 

Is there any way to turn off (or limit) the Spring firewall in application.properties or should I try to modify the python sdk to send the data in the body?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: The request was rejected because the URL contained a potentially malicious String

Explorer

As it turns out this was my screwup -- I tried to get the template (to verify it's existence) with the InstanceTemplate object instead of the string name before creating it with my defined InstanceTemplate object.

 

Apologies for any inconvenience!

 

 

1 REPLY 1
Highlighted

Re: The request was rejected because the URL contained a potentially malicious String

Explorer

As it turns out this was my screwup -- I tried to get the template (to verify it's existence) with the InstanceTemplate object instead of the string name before creating it with my defined InstanceTemplate object.

 

Apologies for any inconvenience!